From patchwork Fri Oct 13 11:04:50 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Lagerwall X-Patchwork-Id: 10004191
From: Ross Lagerwall To: Date: Fri, 13 Oct 2017 12:04:50 +0100 Message-ID: <20171013110450.19176-2-ross.lagerwall@citrix.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20171013110450.19176-1-ross.lagerwall@citrix.com> References: <20171013110450.19176-1-ross.lagerwall@citrix.com> MIME-Version: 1.0 Cc: Ross Lagerwall , Ian Jackson , Wei Liu Subject: [Xen-devel] [PATCH v2 2/2] xentoolcore_restrict_all: Implement for libxenevtchn X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP Signed-off-by: Ross Lagerwall --- tools/Rules.mk | 2 +- tools/libs/evtchn/Makefile | 4 ++-- tools/libs/evtchn/core.c | 13 +++++++++++++ tools/libs/evtchn/private.h | 3 +++ tools/libs/toolcore/include/xentoolcore.h | 5 ----- 5 files changed, 19 insertions(+), 8 deletions(-) diff --git a/tools/Rules.mk b/tools/Rules.mk index be92f0a..61515d3 100644 --- a/tools/Rules.mk +++ b/tools/Rules.mk @@ -109,7 +109,7 @@ LDLIBS_libxentoolcore = $(SHDEPS_libxentoolcore) $(XEN_LIBXENTOOLCORE)/libxentoo SHLIB_libxentoolcore = $(SHDEPS_libxentoolcore) -Wl,-rpath-link=$(XEN_LIBXENTOOLCORE) CFLAGS_libxenevtchn = -I$(XEN_LIBXENEVTCHN)/include $(CFLAGS_xeninclude) -SHDEPS_libxenevtchn = +SHDEPS_libxenevtchn = $(SHLIB_libxentoolcore) LDLIBS_libxenevtchn = $(SHDEPS_libxenevtchn) $(XEN_LIBXENEVTCHN)/libxenevtchn$(libextension) SHLIB_libxenevtchn = $(SHDEPS_libxenevtchn) -Wl,-rpath-link=$(XEN_LIBXENEVTCHN) diff --git a/tools/libs/evtchn/Makefile b/tools/libs/evtchn/Makefile index bc98aed..9952b30 100644 --- a/tools/libs/evtchn/Makefile +++ b/tools/libs/evtchn/Makefile 
@@ -7,7 +7,7 @@ SHLIB_LDFLAGS += -Wl,--version-script=libxenevtchn.map CFLAGS += -Werror -Wmissing-prototypes CFLAGS += -I./include $(CFLAGS_xeninclude) -CFLAGS += $(CFLAGS_libxentoollog) +CFLAGS += $(CFLAGS_libxentoollog) $(CFLAGS_libxentoolcore) SRCS-y += core.c SRCS-$(CONFIG_Linux) += linux.c @@ -61,7 +61,7 @@ libxenevtchn.so.$(MAJOR): libxenevtchn.so.$(MAJOR).$(MINOR) $(SYMLINK_SHLIB) $< $@ libxenevtchn.so.$(MAJOR).$(MINOR): $(PIC_OBJS) libxenevtchn.map - $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenevtchn.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(LDLIBS_libxentoollog) $(APPEND_LDFLAGS) + $(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenevtchn.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(LDLIBS_libxentoollog) $(LDLIBS_libxentoolcore) $(APPEND_LDFLAGS) .PHONY: install install: build diff --git a/tools/libs/evtchn/core.c b/tools/libs/evtchn/core.c index 41621ff..14b7549 100644 --- a/tools/libs/evtchn/core.c +++ b/tools/libs/evtchn/core.c @@ -18,6 +18,16 @@ #include "private.h" +static int all_restrict_cb(Xentoolcore__Active_Handle *ah, domid_t domid) { + xenevtchn_handle *xce = CONTAINER_OF(ah, *xce, tc_ah); + + if (xce->fd < 0) + /* just in case */ + return 0; + + return xenevtchn_restrict(xce, domid); +} + xenevtchn_handle *xenevtchn_open(xentoollog_logger *logger, unsigned open_flags) { xenevtchn_handle *xce = malloc(sizeof(*xce)); @@ -29,6 +39,9 @@ xenevtchn_handle *xenevtchn_open(xentoollog_logger *logger, unsigned open_flags) xce->logger = logger; xce->logger_tofree = NULL; + xce->tc_ah.restrict_callback = all_restrict_cb; + xentoolcore__register_active_handle(&xce->tc_ah); + if (!xce->logger) { xce->logger = xce->logger_tofree = (xentoollog_logger*) diff --git a/tools/libs/evtchn/private.h b/tools/libs/evtchn/private.h index 3d34862..31e595b 100644 --- a/tools/libs/evtchn/private.h +++ b/tools/libs/evtchn/private.h 
@@ -4,11 +4,14 @@ #include #include +#include + #include struct xenevtchn_handle { xentoollog_logger *logger, *logger_tofree; int fd; + Xentoolcore__Active_Handle tc_ah; }; int osdep_evtchn_open(xenevtchn_handle *xce); diff --git a/tools/libs/toolcore/include/xentoolcore.h b/tools/libs/toolcore/include/xentoolcore.h index be6c570..ef9c670 100644 --- a/tools/libs/toolcore/include/xentoolcore.h +++ b/tools/libs/toolcore/include/xentoolcore.h @@ -31,11 +31,6 @@ * Arranges that Xen library handles (fds etc.) which are currently held * by Xen libraries, can no longer be used other than to affect domid. * - * Does not prevent effects that amount only to - * - denial of service, possibly host-wide, by resource exhaustion etc. - * - leak of not-very-interesting metainformation about other domains - * eg, specifically, event channel signals relating to other domains - * * If this cannot be achieved, returns -1 and sets errno. * If called again with the same domid, it may succeed, or it may * fail (even though such a call is potentially meaningful).
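Review bot: In the tools/libs/evtchn/core.c hunk that adds all_restrict_cb(), the `xce->fd < 0` guard says only "just in case" and does not name the case it covers. The callback can run at any point after registration, which the second core.c hunk places before the fd is opened, so the guard is correct only if xenevtchn_open() sets `xce->fd = -1` before calling xentoolcore__register_active_handle(); the visible context (malloc, then the two logger assignments) does not show that. Please make the initialisation explicit ahead of the registration and reword the comment to say that a handle with no open fd has nothing to restrict, which is why returning 0 there is safe.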
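Review bot: In the xenevtchn_open() hunk of tools/libs/evtchn/core.c, the handle is registered with xentoolcore__register_active_handle(&xce->tc_ah) but no path in this patch takes it off the list again. The diffstat gives 13 insertions for core.c and the two hunks shown account for all of them, so neither the error path of xenevtchn_open() nor xenevtchn_close() gains a xentoolcore__deregister_active_handle() call. Once the handle is freed, the active-handle list still points at it, and a later xentoolcore_restrict_all() would invoke all_restrict_cb() on freed memory. Please deregister before free() in both places.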
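Review bot: In the tools/libs/toolcore/include/xentoolcore.h hunk, the whole "Does not prevent effects that amount only to" caveat is deleted, including the bullet about denial of service by resource exhaustion, while the rest of the patch only brings event channel handles under restriction. That covers the second bullet (event channel signals relating to other domains) but nothing visible here changes the first, so callers reading the header would be told the guarantee is stronger than what is implemented. Suggest keeping the denial-of-service bullet and dropping only the metainformation one. The commit message is also empty apart from the Signed-off-by; a sentence explaining why the documented limitation no longer applies would help anyone auditing what xentoolcore_restrict_all() promises.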